PORT SCAN |
2022-10-31 | Rob VandenBrink | NMAP without NMAP - Port Testing and Scanning with PowerShell |
2022-10-19 | Xavier Mertens | Are Internet Scanning Services Good or Bad for You? |
2016-02-02 | Johannes Ullrich | Targeted IPv6 Scans Using pool.ntp.org . |
2010-11-24 | Jim Clausing | Help with odd port scans |
PORT |
2025-04-06 | Johannes Ullrich | New SSH Username Report |
2025-02-26 | Jesse La Grew | [Guest Diary] Malware Source Servers: The Threat of Attackers Using Ephemeral Ports as Service Ports to Upload Data |
2025-01-23 | Johannes Ullrich | XSS Attempts via E-Mail |
2024-06-17 | Xavier Mertens | New NetSupport Campaign Delivered Through MSIX Packages |
2024-04-25 | Jesse La Grew | Does it matter if iptables isn't running on my honeypot? |
2023-08-18 | Xavier Mertens | From a Zalando Phishing to a RAT |
2022-10-31 | Rob VandenBrink | NMAP without NMAP - Port Testing and Scanning with PowerShell |
2022-10-21 | Brad Duncan | sczriptzzbn inject pushes malware for NetSupport RAT |
2022-10-19 | Xavier Mertens | Are Internet Scanning Services Good or Bad for You? |
2022-01-02 | Guy Bruneau | Exchange Server - Email Trapped in Transport Queues |
2021-10-14 | Xavier Mertens | Port-Forwarding with Windows for the Win |
2021-06-03 | Jim Clausing | Strange goings on with port 37 |
2021-02-25 | Jim Clausing | So where did those Satori attacks come from? |
2021-02-16 | Jim Clausing | More weirdness on TCP port 26 |
2020-10-24 | Guy Bruneau | An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1 |
2020-02-05 | Brad Duncan | Fake browser update pages are "still a thing" |
2019-11-19 | Johannes Ullrich | Cheap Chinese JAWS of DVR Exploitability on Port 60001 |
2019-08-01 | Johannes Ullrich | What is Listening On Port 9527/TCP? |
2019-07-26 | Kevin Shortt | DVRIP Port 34567 - Uptick |
2019-03-09 | Guy Bruneau | A Comparison Study of SSH Port Activity - TCP 22 & 2222 |
2018-12-16 | Guy Bruneau | Random Port Scan for Open RDP Backdoor |
2018-01-09 | Jim Clausing | What is going on with port 3333? |
2017-09-22 | Russell Eubanks | What is the State of Your Union? |
2017-09-05 | Johannes Ullrich | The Mirai Botnet: A Look Back and Ahead At What's Next |
2017-08-18 | Guy Bruneau | tshark 2.4 New Feature - Command Line Export Objects |
2017-06-16 | Lorna Hutcheson | What is going on with Port 83? |
2017-04-22 | Jim Clausing | WTF tcp port 81 |
2017-01-28 | Guy Bruneau | Request for Packets and Logs - TCP 5358 |
2017-01-10 | Johannes Ullrich | Port 37777 "MapTable" Requests |
2016-05-26 | Xavier Mertens | Keeping an Eye on Tor Traffic |
2016-04-25 | Guy Bruneau | Highlights from the 2016 HPE Annual Cyber Threat Report |
2016-02-02 | Johannes Ullrich | Targeted IPv6 Scans Using pool.ntp.org . |
2015-09-28 | Johannes Ullrich | "Transport of London" Malicious E-Mail |
2015-06-27 | Guy Bruneau | Is Windows XP still around in your Network a year after Support Ended? |
2015-04-08 | Tom Webb | Is it a breach or not? |
2014-10-13 | Lorna Hutcheson | For or Against: Port Security for Network Access Control |
2014-09-15 | Johannes Ullrich | Google DNS Server IP Address Spoofed for SNMP reflective Attacks |
2014-07-05 | Guy Bruneau | Java Support ends for Windows XP |
2014-06-11 | Daniel Wesemann | Help your pilot fly! |
2014-05-23 | Richard Porter | Highlights from Cisco Live 2014 - The Internet of Everything |
2014-03-26 | Johannes Ullrich | Let's Finally "Nail" This Port 5000 Traffic - Synology owners needed. |
2014-03-13 | Daniel Wesemann | Identification and authentication are hard ... finding out intention is even harder |
2014-03-06 | Mark Baggett | Port 5000 traffic and snort signature |
2014-01-22 | Chris Mohan | Learning from the breaches that happens to others |
2014-01-11 | Guy Bruneau | tcpflow 1.4.4 and some of its most Interesting Features |
2014-01-02 | Johannes Ullrich | Scans Increase for New Linksys Backdoor (32764/TCP) |
2013-11-25 | Johannes Ullrich | More Bad Port 0 Traffic |
2013-11-22 | Rick Wanner | Port 0 DDOS |
2013-10-30 | Russ McRee | SIR v15: Five good reasons to leave Windows XP behind |
2013-05-19 | Kevin Shortt | Port 51616 - Got Packets? |
2013-03-03 | Richard Porter | Uptick in MSSQL Activity |
2013-01-08 | Richard Porter | Yahoo Web Interface Report: Compose and Send |
2012-12-06 | Daniel Wesemann | Fake tech support calls - revisited |
2012-10-03 | Kevin Shortt | Fake Support Calls Reported |
2012-01-27 | Mark Hofman | CISCO Ironport C & M Series telnet vulnerability |
2012-01-13 | Guy Bruneau | Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx |
2011-11-11 | Rick Wanner | APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update |
2011-10-25 | Chris Mohan | Recurring reporting made easy? |
2011-08-25 | Kevin Shortt | Increased Traffic on Port 3389 |
2011-06-29 | Johannes Ullrich | Random SSL Tips and Tricks |
2011-06-21 | Chris Mohan | Australian government security audit report shows tough love to agencies |
2011-05-23 | Mark Hofman | Microsoft Support Scam (again) |
2011-04-20 | Daniel Wesemann | Data Breach Investigations Report published by Verizon |
2011-01-25 | Chris Mohan | Reviewing our preconceptions |
2011-01-24 | Rob VandenBrink | Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool |
2011-01-15 | Jim Clausing | What's up with port 8881? |
2011-01-08 | Guy Bruneau | PandaLabs 2010 Annual Report |
2010-11-24 | Jim Clausing | Help with odd port scans |
2010-08-16 | Raul Siles | The Seven Deadly Sins of Security Vulnerability Reporting |
2010-07-29 | Rob VandenBrink | The 2010 Verizon Data Breach Report is Out |
2010-07-06 | Rob VandenBrink | Bogus Support Organizations use Live Operators to Install Malware |
2010-06-15 | Manuel Humberto Santander Pelaez | Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild |
2010-04-20 | Raul Siles | Are You Ready for a Transportation Collapse...? |
2010-03-01 | Mark Hofman | Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update. |
2010-02-03 | Rob VandenBrink | Support for Legacy Browsers |
2010-01-09 | G. N. White | What's Up With All The Port Scanning Using TCP/6000 As A Source Port? |
2009-10-28 | Johannes Ullrich | Cyber Security Awareness Month - Day 28 - ntp (123/udp) |
2009-10-25 | Lorna Hutcheson | Cyber Security Awareness Month - Day 25 - Port 80 and 443 |
2009-10-21 | Pedro Bueno | Cyber Security Awareness Month - Day 21 - Port 135 |
2009-10-17 | Rick Wanner | Cyber Security Awareness Month - Day 17 - Port 22/SSH |
2009-10-15 | Deborah Hale | Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email |
2009-10-11 | Mark Hofman | Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP) |
2009-10-08 | Johannes Ullrich | Cyber Security Awareness Month - Day 8 - Port 25 - SMTP |
2009-05-02 | Rick Wanner | Significant increase in port 2967 traffic |
2009-04-15 | Marcus Sachs | 2009 Data Breach Investigation Report |
2009-01-21 | Raul Siles | Traffic increase for port UDP/8247 |
2008-12-16 | donald smith | Cisco's Annual Security report has been released. |
2008-08-02 | Maarten Van Horenbeeck | A little of that human touch |
2008-07-02 | Jim Clausing | The scoop on the spike in UDP port 7 traffic |
2008-05-26 | Marcus Sachs | Port 1533 on the Rise |
2008-04-27 | Marcus Sachs | What's With Port 20329? |
2008-04-10 | Deborah Hale | DSLReports Being Attacked Again |
2008-04-08 | Swa Frantzen | Symantec's Global Internet Security Threat Report |
2006-11-29 | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple |
2006-09-21 | Johannes Ullrich | Apple updates Airport Drivers |
SCAN |
2025-04-29 | Guy Bruneau | Web Scanning Sonicwall for CVE-2021-20016 |
2025-02-17 | Russ McRee | ModelScan - Protection Against Model Serialization Attacks |
2024-09-13 | Jesse La Grew | Finding Honeypot Data Clusters Using DBSCAN: Part 2 |
2024-08-29 | Xavier Mertens | Live Patching DLLs with Python |
2024-08-22 | Johannes Ullrich | OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse? |
2024-07-16 | Guy Bruneau | Who You Gonna Call? AndroxGh0st Busters! [Guest Diary] |
2024-07-10 | Jesse La Grew | Finding Honeypot Data Clusters Using DBSCAN: Part 1 |
2024-03-06 | Bojan Zdrnja | Scanning and abusing the QUIC protocol |
2023-12-16 | Xavier Mertens | An Example of RocketMQ Exploit Scanner |
2023-12-06 | Jan Kopriva | Whose packet is it anyway: a new RFC for attribution of internet probes |
2023-09-23 | Guy Bruneau | Scanning for Laravel - a PHP Framework for Web Artisants |
2023-08-20 | Guy Bruneau | SystemBC Malware Activity |
2023-05-03 | Xavier Mertens | Increased Number of Configuration File Scans |
2023-04-28 | Xavier Mertens | Quick IOC Scan With Docker |
2022-10-31 | Rob VandenBrink | NMAP without NMAP - Port Testing and Scanning with PowerShell |
2022-10-19 | Xavier Mertens | Are Internet Scanning Services Good or Bad for You? |
2022-08-26 | Guy Bruneau | HTTP/2 Packet Analysis with Wireshark |
2022-07-23 | Guy Bruneau | Analysis of SSH Honeypot Data with PowerBI |
2022-03-20 | Didier Stevens | MGLNDD_* Scans |
2022-02-15 | Xavier Mertens | Who Are Those Bots? |
2022-01-16 | Guy Bruneau | 10 Most Popular Targeted Ports in the Past 3 Weeks |
2021-10-30 | Guy Bruneau | Remote Desktop Protocol (RDP) Discovery |
2021-10-09 | Guy Bruneau | Scanning for Previous Oracle WebLogic Vulnerabilities |
2021-09-02 | Xavier Mertens | Attackers Will Always Abuse Major Events in our Lifes |
2021-08-13 | Guy Bruneau | Scanning for Microsoft Exchange eDiscovery |
2021-07-10 | Guy Bruneau | Scanning for Microsoft Secure Socket Tunneling Protocol |
2021-06-26 | Guy Bruneau | CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability |
2021-06-12 | Guy Bruneau | Fortinet Targeted for Unpatched SSL VPN Discovery Activity |
2021-05-31 | Rick Wanner | Quick and dirty Python: nmap |
2021-05-08 | Guy Bruneau | Who is Probing the Internet for Research Purposes? |
2021-05-04 | Rick Wanner | Quick and dirty Python: masscan |
2021-04-24 | Guy Bruneau | Base64 Hashes Used in Web Scanning |
2021-02-13 | Guy Bruneau | Using Logstash to Parse IPtables Firewall Logs |
2021-01-11 | Rob VandenBrink | Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3) |
2020-12-05 | Guy Bruneau | Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz? |
2020-12-04 | Guy Bruneau | Detecting Actors Activity with Threat Intel |
2020-10-24 | Guy Bruneau | An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1 |
2020-10-20 | Xavier Mertens | Mirai-alike Python Scanner |
2020-10-03 | Guy Bruneau | Scanning for SOHO Routers |
2020-08-22 | Guy Bruneau | Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common? |
2020-08-08 | Guy Bruneau | Scanning Activity Include Netcat Listener |
2020-07-19 | Guy Bruneau | Scanning Activity for ZeroShell Unauthenticated Access |
2020-07-11 | Guy Bruneau | Scanning Home Internet Facing Devices to Exploit |
2020-06-13 | Guy Bruneau | Mirai Botnet Activity |
2020-05-16 | Guy Bruneau | Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP) |
2020-05-08 | Xavier Mertens | Using Nmap As a Lightweight Vulnerability Scanner |
2020-04-07 | Johannes Ullrich | Increase in RDP Scanning |
2020-03-21 | Guy Bruneau | Honeypot - Scanning and Targeting Devices & Services |
2020-02-29 | Guy Bruneau | Hazelcast IMDG Discover Scan |
2019-11-23 | Guy Bruneau | Local Malware Analysis with Malice |
2019-11-05 | Rick Wanner | Bluekeep exploitation causing Bluekeep vulnerability scan to fail |
2019-11-03 | Didier Stevens | You Too? "Unusual Activity with Double Base64 Encoding" |
2019-10-30 | Xavier Mertens | Keep an Eye on Remote Access to Mailboxes |
2019-10-20 | Guy Bruneau | Scanning Activity for NVMS-9000 Digital Video Recorder |
2019-09-27 | Xavier Mertens | New Scans for Polycom Autoconfiguration Files |
2019-09-07 | Guy Bruneau | Unidentified Scanning Activity |
2019-05-16 | Xavier Mertens | The Risk of Authenticated Vulnerability Scans |
2019-04-04 | Xavier Mertens | New Waves of Scans Detected by an Old Rule |
2019-03-09 | Guy Bruneau | A Comparison Study of SSH Port Activity - TCP 22 & 2222 |
2019-03-08 | Remco Verhoef | Analysing meterpreter payload with Ghidra |
2019-02-18 | Didier Stevens | Know What You Are Logging |
2019-02-02 | Guy Bruneau | Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269 |
2018-12-23 | Guy Bruneau | Scanning Activity, end Goal is to add Hosts to Mirai Botnet |
2018-12-16 | Guy Bruneau | Random Port Scan for Open RDP Backdoor |
2018-07-02 | Guy Bruneau | Hello Peppa! - PHP Scans |
2018-05-06 | Guy Bruneau | Scans Attempting to use PowerShell to Download PHP Script |
2018-04-30 | Remco Verhoef | Another approach to webapplication fingerprinting |
2018-01-07 | Guy Bruneau | SSH Scans by Clients Types |
2017-11-13 | Guy Bruneau | jsonrpc Scanning for root account |
2017-07-19 | Xavier Mertens | Bots Searching for Keys & Config Files |
2017-05-18 | Xavier Mertens | My Little CVE Bot |
2017-04-22 | Jim Clausing | WTF tcp port 81 |
2017-01-14 | Xavier Mertens | Backup Files Are Good but Can Be Evil |
2017-01-13 | Xavier Mertens | Who's Attacking Me? |
2016-12-31 | Xavier Mertens | Ongoing Scans Below the Radar |
2016-09-10 | Xavier Mertens | Ongoing IMAP Scan, Anyone Else? |
2016-05-26 | Xavier Mertens | Keeping an Eye on Tor Traffic |
2016-02-03 | Xavier Mertens | Automating Vulnerability Scans |
2016-02-02 | Johannes Ullrich | Targeted IPv6 Scans Using pool.ntp.org . |
2015-11-04 | Johannes Ullrich | Internet Wide Scanners Wanted |
2015-04-23 | Bojan Zdrnja | When automation does not help |
2014-09-19 | Guy Bruneau | Web Scan looking for /info/whitelist.pac |
2014-07-26 | Chris Mohan | "Internet scanning project" scans |
2014-06-22 | Russ McRee | OfficeMalScanner helps identify the source of a compromise |
2014-06-11 | Daniel Wesemann | Gimme your keys! |
2014-03-06 | Mark Baggett | Port 5000 traffic and snort signature |
2014-02-15 | Rob VandenBrink | More on HNAP - What is it, How to Use it, How to Find it |
2014-02-14 | Chris Mohan | Scanning activity for /siemens/bootstrapping/JnlpBrowser/Development/ |
2014-02-13 | Johannes Ullrich | Linksys Worm ("TheMoon") Captured |
2014-02-12 | Johannes Ullrich | Suspected Mass Exploit Against Linksys E1000 / E1200 Routers |
2014-01-31 | Chris Mohan | Looking for packets from three particular subnets |
2014-01-17 | Russ McRee | Massive RFI scans likely a free web app vuln scanner rather than bots |
2014-01-09 | Bojan Zdrnja | Massive PHP RFI scans |
2013-12-19 | Rob VandenBrink | Passive Scanning Two Ways - How-Tos for the Holidays |
2013-12-09 | Rob VandenBrink | Scanning without Scanning |
2013-10-22 | Richard Porter | Greenbone and OpenVAS Scanner |
2013-10-17 | Adrien de Beaupre | Internet wide DNS scanning |
2013-10-12 | Richard Porter | Reported Spike in tcp/5901 and tcp/5900 |
2013-08-19 | Rob VandenBrink | ZMAP 1.02 released |
2013-07-01 | Manuel Humberto Santander Pelaez | Using nmap scripts to enhance vulnerability asessment results |
2013-03-03 | Richard Porter | Uptick in MSSQL Activity |
2013-02-03 | Lorna Hutcheson | Is it Really an Attack? |
2012-11-30 | Daniel Wesemann | Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html |
2012-08-13 | Rick Wanner | Interesting scan for medical certification information... |
2012-06-27 | Daniel Wesemann | What's up with port 79 ? |
2011-07-17 | Mark Hofman | SSH Brute Force |
2011-02-28 | Deborah Hale | Possible Botnet Scanning |
2011-02-07 | Pedro Bueno | The Good , the Bad and the Unknown Online Scanners |
2010-11-24 | Jim Clausing | Help with odd port scans |
2010-08-10 | Daniel Wesemann | SSH - new brute force tool? |
2010-02-01 | Rob VandenBrink | NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care? |
2010-01-09 | G. N. White | What's Up With All The Port Scanning Using TCP/6000 As A Source Port? |
2009-06-26 | Mark Hofman | PHPMYADMIN scans |
2009-06-24 | Kyle Haugsness | TCP scanning increase for 4899 |
2009-02-01 | Chris Carboni | Scanning for Trixbox vulnerabilities |
2009-01-30 | Mark Hofman | Request for info - Scan and webmail |
2009-01-12 | William Salusky | Web Application Firewalls (WAF) - Have you deployed WAF technology? |